The myth of the cybersecurity skills shortage

Everyone seems to think that there’s a lack of qualified security professionals, and that the reason is that there aren’t enough people entering the field with the required skills. There is a fallacy behind that thinking, though. People think that security is a stand-alone discipline, but it is actually a discipline within the computer field. Treating it otherwise is a mistake.

Most of the people who have been in the security profession for more than a decade, including me, entered the field without a cybersecurity degree. We might have certifications, but we don’t claim that those certs are the source of any expertise we may have.

My own experience is not atypical. In all of my years of working, as an employee or contractor, for the National Security Agency and other military and intelligence agencies, I never performed specifically what would be considered security work.